AWS Multiple Users Failing To Authenticate From Ip

Splunk Security Content

Summary
This detection rule identifies potential password spraying attacks against AWS Console accounts by monitoring failed login attempts in AWS CloudTrail logs. It fires when a single source IP address produces failed authentication attempts for at least 30 unique users within a 10-minute window. A match indicates potentially malicious activity that could lead to unauthorized access or data breaches if the attacker finds weak passwords or credentials on any of the targeted accounts.
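The logic in the summary, as an added example that is not the Splunk rule's own search: Python that applies the 30-user, 10-minute threshold to constructed CloudTrail `ConsoleLogin` records. The sliding window and the helper names are assumptions; the page does not say how the rule buckets time.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # window stated in the rule summary
MIN_USERS = 30                  # unique-user threshold stated in the rule summary

def failed_console_logins(records):
    """Yield (time, source_ip, user) for failed ConsoleLogin events."""
    for r in records:
        if r.get("eventName") != "ConsoleLogin":
            continue
        if (r.get("responseElements") or {}).get("ConsoleLogin") != "Failure":
            continue
        ts = datetime.strptime(r["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        user = (r.get("userIdentity") or {}).get("userName", "unknown")
        yield ts, r["sourceIPAddress"], user

def spraying_sources(records, window=WINDOW, min_users=MIN_USERS):
    """Return {source_ip: peak distinct failing users seen inside one window}."""
    # Assumption: a sliding window per source IP, not fixed time buckets.
    by_ip = defaultdict(list)
    for ts, ip, user in failed_console_logins(records):
        by_ip[ip].append((ts, user))
    hits = {}
    for ip, events in by_ip.items():
        events.sort()
        win, counts, peak = deque(), Counter(), 0
        for ts, user in events:
            win.append((ts, user))
            counts[user] += 1
            while ts - win[0][0] > window:  # expire events older than the window
                _, old = win.popleft()
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
            peak = max(peak, len(counts))
        if peak >= min_users:
            hits[ip] = peak
    return hits

def _event(ip, user, second, result="Failure"):
    # Constructed sample record, reduced to the CloudTrail fields read above.
    t = datetime(2024, 11, 14, 9, 0) + timedelta(seconds=second)
    return {"eventName": "ConsoleLogin", "eventTime": t.strftime("%Y-%m-%dT%H:%M:%SZ"),
            "sourceIPAddress": ip, "userIdentity": {"userName": user},
            "responseElements": {"ConsoleLogin": result}}

# Constructed data: one IP fails for 35 users in 6 minutes; another retries one user.
SAMPLE = [_event("203.0.113.10", f"user{i:02d}", i * 10) for i in range(35)]
SAMPLE += [_event("198.51.100.7", "alice", i * 5) for i in range(40)]
SAMPLE += [_event("203.0.113.10", "user00", 400, result="Success")]
```

The second source IP generates more failures than the first but against a single user, so it stays below the unique-user threshold; that is the property that separates spraying from ordinary lockout noise.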
Categories
  • Cloud
  • AWS
Data Sources
  • Cloud Storage
ATT&CK Techniques
  • T1110
  • T1110.003
  • T1110.004
Created: 2024-11-14